1.2 Banner

This line should be present:

Banner /etc/issue.net

The file named in that line should contain the following text.

/etc/issue.net

WARNING!!

This system is the property of the ITQuery Solutions Ltd. and should be accessed only by authorized users. Unauthorized use of this system is strictly prohibited and will be subject to disciplinary action and prosecution. Systems and Technology Department may monitor any activity or communication on this system and retrieve any information stored within the system.

1.3 Password Policy

/etc/login.defs

The following 4 values should be present.

PASS_MAX_DAYS 30

(Maximum number of days a password may be used. If the password is older than this, a password change will be forced.)

PASS_MIN_DAYS 0

(Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected.)

PASS_MIN_LEN 8

(Minimum Password Length)

PASS_WARN_AGE 15

(Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.)
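A check for the four values above, as an added example that is not part of the original checklist. The function name `check_login_defs` and the sample file contents are assumptions made for illustration; the check ignores commented-out lines and, when a key appears more than once, evaluates its last occurrence.

```shell
#!/bin/sh
# Added example: audit a login.defs file against the four values in section 1.3.
# check_login_defs is a hypothetical helper name, not part of any package.
check_login_defs() {
    file=${1:-/etc/login.defs}
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    awk '
        BEGIN {
            # Required values, taken from the checklist above.
            want["PASS_MAX_DAYS"] = "30"
            want["PASS_MIN_DAYS"] = "0"
            want["PASS_MIN_LEN"]  = "8"
            want["PASS_WARN_AGE"] = "15"
        }
        # Blank lines and comments never count as a setting.
        NF == 0 || $1 ~ /^#/ { next }
        # Remember the last uncommented occurrence of each key.
        ($1 in want) { seen[$1] = $2 }
        END {
            n = split("PASS_MAX_DAYS PASS_MIN_DAYS PASS_MIN_LEN PASS_WARN_AGE", keys, " ")
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in seen)) {
                    printf "FAIL %s missing (want %s)\n", k, want[k]; bad = 1
                } else if ((seen[k] "") != want[k]) {
                    printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1
                } else {
                    printf "OK   %s=%s\n", k, seen[k]
                }
            }
            exit (bad ? 1 : 0)
        }
    ' "$file"
}

# Constructed sample input: the correct value is only present as a comment,
# one value is wrong, and PASS_WARN_AGE is missing entirely.
sample_login_defs() {
    cat <<'EOF'
# PASS_MAX_DAYS 30
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
EOF
}

# Usage: check_login_defs /etc/login.defs   (exit status 0 = all four match)
```

The aging values in login.defs apply to accounts created after the change; existing accounts keep their current settings until they are updated with chage.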

1.4 Disable rsh service status

/etc/xinetd.d/rsh

disable = yes

Check with:

# chkconfig --list rsh

rsh off

1.5 Telnet service status

/etc/xinetd.d/telnet

disable = yes

Check with:

# chkconfig --list telnet

telnet off

1.6 Disable CTRL+ALT+DEL

cat /etc/inittab |grep ctrl

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Comment out the above line in inittab, as shown, to disable the Ctrl+Alt+Del key sequence, which can otherwise reboot the system.

1.7 iptables Rules

The following example will drop incoming connections which make more than 5 connection attempts upon port 22 within 60 seconds:

LimitExcept prevents TRACE from allowing attackers to find a path through cache or proxy servers.

The “-” before any directive disables that option.

FollowSymLinks allows a user to navigate outside the doc tree, and Indexes will reveal the contents of any directory in your doc tree.

Includes allows .shtml pages, which use server-side includes (potentially allowing access to the host). If you really need SSI, use IncludesNoExec instead.

AllowOverride None will prevent developers from overriding these specifications in other parts of the doc tree.

AddIcon
IndexOptions
AddDescription
ReadmeName
HeaderName
IndexIgnore

Remove all references to these directives, since we disabled the fancy indexing module.

Alias /manual

Don’t provide any accessible references to the Apache manual; it gives attackers too much information about your server. (Remove this alias.)

5.3 Apache module “mod_security”

ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. WAFs are deployed to establish an external security layer that increases security, detects and prevents attacks before they reach web applications. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

It is recommended to install and configure mod_security, a plugin for Apache’s httpd server, to secure and filter the requests received and served.